from ctypes import *
# 定义_PROCESS_INFORMATION结构体
   class _PROCESS_INFORMATION(Structure):
       """ctypes layout of the Win32 PROCESS_INFORMATION record.

       An instance is passed by reference as the last argument of
       CreateProcess; the script later reads ``hProcess`` from it to address
       the child process.
       """
       _fields_ = [
           ('hProcess', c_void_p),      # HANDLE, pointer-sized
           ('hThread', c_void_p),       # HANDLE, pointer-sized
           ('dwProcessId', c_ulong),    # DWORD
           ('dwThreadId', c_ulong),     # DWORD
       ]
   # 定义_STARTUPINFO结构体
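   class _STARTUPINFO(Structure):
       """ctypes layout of the Win32 STARTUPINFOA record (ANSI strings).

       An instance is passed by reference to CreateProcessA. The Win32 contract
       expects the caller to store the structure size in ``cb`` before the call.

       The three standard-handle members are HANDLE values and therefore
       pointer-sized. Declaring them as ``c_ulong`` only matches the native
       layout on 32-bit Windows; ``c_void_p`` is correct on both 32- and 64-bit.
       An unset ``c_void_p`` field reads back as ``None`` rather than ``0``.
       """
       _fields_ = [
           ('cb', c_ulong),                 # DWORD: size of this structure in bytes
           ('lpReserved', c_char_p),        # LPSTR
           ('lpDesktop', c_char_p),         # LPSTR
           ('lpTitle', c_char_p),           # LPSTR
           ('dwX', c_ulong),                # DWORD
           ('dwY', c_ulong),                # DWORD
           ('dwXSize', c_ulong),            # DWORD
           ('dwYSize', c_ulong),            # DWORD
           ('dwXCountChars', c_ulong),      # DWORD
           ('dwYCountChars', c_ulong),      # DWORD
           ('dwFillAttribute', c_ulong),    # DWORD
           ('dwFlags', c_ulong),            # DWORD
           ('wShowWindow', c_ushort),       # WORD
           ('cbReserved2', c_ushort),       # WORD
           ('lpReserved2', c_char_p),       # LPBYTE (kept as in the original declaration)
           ('hStdInput', c_void_p),         # HANDLE, pointer-sized
           ('hStdOutput', c_void_p),        # HANDLE, pointer-sized
           ('hStdError', c_void_p),         # HANDLE, pointer-sized
       ]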
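   NORMAL_PRIORITY_CLASS = 0x00000020              # creation flag passed to CreateProcess below
   kernel32 = windll.LoadLibrary("kernel32.dll")   # load kernel32.dll
   CreateProcess = kernel32.CreateProcessA         # ANSI entry point, so `file` is a byte string
   ReadProcessMemory = kernel32.ReadProcessMemory
   WriteProcessMemory = kernel32.WriteProcessMemory
   TerminateProcess = kernel32.TerminateProcess
   # Declare the pointer-sized parameters. Without argtypes ctypes passes Python
   # ints as C int, which would truncate handles and addresses on 64-bit Windows.
   ReadProcessMemory.argtypes = [c_void_p, c_void_p, c_void_p, c_size_t, POINTER(c_size_t)]
   WriteProcessMemory.argtypes = [c_void_p, c_void_p, c_void_p, c_size_t, POINTER(c_size_t)]
   TerminateProcess.argtypes = [c_void_p, c_uint]
   # Instantiate the structures handed to CreateProcess.
   ProcessInfo = _PROCESS_INFORMATION()
   StartupInfo = _STARTUPINFO()
   StartupInfo.cb = sizeof(StartupInfo)            # the API expects cb to hold the structure size
   # Bare file name: CreateProcess resolves lpApplicationName against the current
   # directory, so whatever ModifyMe.exe sits there is what gets launched.
   file = 'ModifyMe.exe'                           # executable to start and patch
   # Absolute address: only meaningful if the image is mapped at the base this
   # value was taken from (a relocated image would place the byte elsewhere).
   address = 0x0040103c                            # memory address to inspect and patch
   # ReadProcessMemory writes into this buffer, so it must be mutable memory.
   # c_char_p("_") would point at the immutable Python string object itself.
   buffer = create_string_buffer("_")              # one data byte plus a trailing NUL
   bytesRead = c_size_t(0)                         # SIZE_T out-parameter: bytes transferred
   bufferSize = len(buffer.value)                  # number of bytes to read/write (1)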
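   # Start the target, confirm the expected byte at `address`, then overwrite it
   # in the child's memory. Creating a process and then writing into it with
   # WriteProcessMemory is a sequence endpoint monitoring commonly records as
   # cross-process memory tampering.
   if CreateProcess(file, 0, 0, 0, 0, NORMAL_PRIORITY_CLASS, 0, 0, byref(StartupInfo), byref(ProcessInfo)):
       try:
           # Read the byte first: it is the only check that this is the expected binary.
           if not ReadProcessMemory(ProcessInfo.hProcess, address, buffer, bufferSize, byref(bytesRead)):
               print '读内存错误!'
           elif buffer.value != '\x74':
               print '打开了错误的文件!'
               # Not the expected file: stop the child process that was just started.
               TerminateProcess(ProcessInfo.hProcess, 0)
           else:
               # 0x74 / 0x75 are the x86 short JE / JNE opcodes, so this presumably
               # inverts one conditional branch - confirm against the target's disassembly.
               buffer.value = '\x75'
               # bytesRead is reused here as the "bytes written" out-parameter.
               if WriteProcessMemory(ProcessInfo.hProcess, address, buffer, bufferSize, byref(bytesRead)):
                   print '成功改写内存!'
               else:
                   print '写内存错误!'
       finally:
           # CreateProcess returns open handles to the new process and its primary
           # thread; release both so they are not leaked on any path.
           kernel32.CloseHandle(c_void_p(ProcessInfo.hThread))
           kernel32.CloseHandle(c_void_p(ProcessInfo.hProcess))
   else:
       print '不能创建进程!'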